forked from sr2/cloud-api
parent
ec41d1ed05
commit
61e186a727
2 changed files with 63 additions and 8 deletions
|
|
@ -102,9 +102,9 @@ async def can_act_on_resource(
|
||||||
request_model: IAMCAoRRequest,
|
request_model: IAMCAoRRequest,
|
||||||
):
|
):
|
||||||
"""
|
"""
|
||||||
This endpoint is not meant for the Hub frontend to interact with.
|
This endpoint is not meant for the Hub frontend to interact with.\n
|
||||||
Services accessing this endpoint must be already registered within the Hub and been issued an API key.
|
Services accessing this endpoint must be already registered within the Hub and been issued an API key.\n
|
||||||
Resource Names have an instance property but permissions do not presently have that level of granularity.
|
Resource Names have an instance property but permissions do not presently have that level of granularity.\n
|
||||||
"""
|
"""
|
||||||
response = {
|
response = {
|
||||||
"allowed": False,
|
"allowed": False,
|
||||||
|
|
@ -150,11 +150,24 @@ async def can_act_on_resource(
|
||||||
return response
|
return response
|
||||||
|
|
||||||
|
|
||||||
@router.get("/group/permissions", response_model=IAMGetGroupPermissionsResponse)
|
@router.get(
|
||||||
|
path="/group/permissions",
|
||||||
|
summary="Gets a list of permissions granted to a group",
|
||||||
|
status_code=status.HTTP_200_OK,
|
||||||
|
response_model=IAMGetGroupPermissionsResponse,
|
||||||
|
responses={
|
||||||
|
status.HTTP_401_UNAUTHORIZED: {
|
||||||
|
"description": "Group does not belong to this organisation"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
)
|
||||||
async def get_group_permissions(
|
async def get_group_permissions(
|
||||||
group_model: group_model_query_dependency,
|
group_model: group_model_query_dependency,
|
||||||
org_model: org_model_root_claim_query_dependency,
|
org_model: org_model_root_claim_query_dependency,
|
||||||
):
|
):
|
||||||
|
"""
|
||||||
|
Gets a list of permissions granted to the group. Also returns a summary for the org and group.
|
||||||
|
"""
|
||||||
if group_model.org_id != org_model.id:
|
if group_model.org_id != org_model.id:
|
||||||
raise UnauthorizedException("Group does not belong to this organization")
|
raise UnauthorizedException("Group does not belong to this organization")
|
||||||
return {
|
return {
|
||||||
|
|
@ -164,11 +177,24 @@ async def get_group_permissions(
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@router.get("/group/users", response_model=IAMGetGroupUsersResponse)
|
@router.get(
|
||||||
|
path="/group/users",
|
||||||
|
summary="Gets a list of users assigned to a group",
|
||||||
|
status_code=status.HTTP_200_OK,
|
||||||
|
response_model=IAMGetGroupUsersResponse,
|
||||||
|
responses={
|
||||||
|
status.HTTP_401_UNAUTHORIZED: {
|
||||||
|
"description": "Group does not belong to this organization"
|
||||||
|
},
|
||||||
|
},
|
||||||
|
)
|
||||||
async def get_group_users(
|
async def get_group_users(
|
||||||
group_model: group_model_query_dependency,
|
group_model: group_model_query_dependency,
|
||||||
org_model: org_model_root_claim_query_dependency,
|
org_model: org_model_root_claim_query_dependency,
|
||||||
):
|
):
|
||||||
|
"""
|
||||||
|
Gets a list of users assigned to the group. Also returns a summary for the org and group.
|
||||||
|
"""
|
||||||
if group_model.org_id != org_model.id:
|
if group_model.org_id != org_model.id:
|
||||||
raise UnauthorizedException("Group does not belong to this organization")
|
raise UnauthorizedException("Group does not belong to this organization")
|
||||||
return {
|
return {
|
||||||
|
|
@ -178,12 +204,25 @@ async def get_group_users(
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@router.post("/group", response_model=IAMPostGroupResponse)
|
@router.post(
|
||||||
|
path="/group",
|
||||||
|
summary="Creates a new group",
|
||||||
|
status_code=status.HTTP_201_CREATED,
|
||||||
|
response_model=IAMPostGroupResponse,
|
||||||
|
responses={
|
||||||
|
status.HTTP_409_CONFLICT: {
|
||||||
|
"description": "Group with this name already exists"
|
||||||
|
},
|
||||||
|
},
|
||||||
|
)
|
||||||
async def create_group(
|
async def create_group(
|
||||||
db: db_dependency,
|
db: db_dependency,
|
||||||
org_model: org_model_root_claim_body_dependency,
|
org_model: org_model_root_claim_body_dependency,
|
||||||
request_model: IAMPostGroupRequest,
|
request_model: IAMPostGroupRequest,
|
||||||
):
|
):
|
||||||
|
"""
|
||||||
|
Creates a new IAM group.
|
||||||
|
"""
|
||||||
group_model = Group(name=request_model.name, org_id=org_model.id)
|
group_model = Group(name=request_model.name, org_id=org_model.id)
|
||||||
|
|
||||||
db.add(group_model)
|
db.add(group_model)
|
||||||
|
|
@ -200,7 +239,20 @@ async def create_group(
|
||||||
return {"group": response}
|
return {"group": response}
|
||||||
|
|
||||||
|
|
||||||
@router.put("/group/permission", response_model=IAMPutGroupPermissionResponse)
|
@router.put(
|
||||||
|
path="/group/permission",
|
||||||
|
summary="Grants a permission to a group",
|
||||||
|
status_code=status.HTTP_200_OK,
|
||||||
|
response_model=IAMPutGroupPermissionResponse,
|
||||||
|
responses={
|
||||||
|
status.HTTP_401_UNAUTHORIZED: {
|
||||||
|
"description": "Group does not belong to this organization"
|
||||||
|
},
|
||||||
|
status.HTTP_409_CONFLICT: {
|
||||||
|
"description": "This permission is already granted to this group"
|
||||||
|
},
|
||||||
|
},
|
||||||
|
)
|
||||||
async def add_group_permission(
|
async def add_group_permission(
|
||||||
db: db_dependency,
|
db: db_dependency,
|
||||||
group_model: group_model_body_dependency,
|
group_model: group_model_body_dependency,
|
||||||
|
|
@ -208,6 +260,9 @@ async def add_group_permission(
|
||||||
org_model: org_model_root_claim_body_dependency,
|
org_model: org_model_root_claim_body_dependency,
|
||||||
request_model: IAMPutGroupPermissionRequest,
|
request_model: IAMPutGroupPermissionRequest,
|
||||||
):
|
):
|
||||||
|
"""
|
||||||
|
Grants a permission to a group. Returns a list of the permissions in the group as well as a summary for the org and group.
|
||||||
|
"""
|
||||||
if group_model.org_id != org_model.id:
|
if group_model.org_id != org_model.id:
|
||||||
raise UnauthorizedException("Group does not belong to this organization")
|
raise UnauthorizedException("Group does not belong to this organization")
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -280,7 +280,7 @@ async def test_post_group_success(default_client: AsyncClient):
|
||||||
resp = await default_client.post(
|
resp = await default_client.post(
|
||||||
"/iam/group", json={"name": "New Group", "organisation_id": 1}
|
"/iam/group", json={"name": "New Group", "organisation_id": 1}
|
||||||
)
|
)
|
||||||
assert resp.status_code == 200
|
assert resp.status_code == 201
|
||||||
|
|
||||||
data = resp.json()
|
data = resp.json()
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue